Martin Thomson <[email protected]> wrote:
> On Sat, Apr 27, 2019, at 07:29, Viktor Dukhovni wrote:
>> The sound-bite version is: first raise the ceiling, *then* the floor.
>
> Yep. We've done the ceiling bit twice now.
> Once in 2008 when we published TLS 1.2 and then in 2018
> with the publication of TLS 1.3. I'd say we're overdue for the floor bit.

Just that this rationale is a blatant lie.

It is formally provable that from the three protocol versions: TLSv1.0, TLSv1.1, TLSv1.2 the weakest one is TLSv1.2, because of the royally stupid downgrade in the strength of digitally signed.

Disabling TLSv1.0 will only result in lots of interop failures and pain, but no improvement in security.

-Martin

_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
